Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The Australian Security Legislation Amendment (Critical Infrastructure Protection) Act 2022 (SLACIP Act) and Systems of National Significance (SoNS) regulations are aimed at improving the resilience and risk management practices of Australia’s Critical Infrastructure sector and making it easier for organisations and governments to securely share information.

A common topic in our blog is the threat that insiders pose to an organization’s sensitive data. Why? ‘Insider threats’ continue to pose the biggest threats to intellectual property (IP) and military secrets. Insiders, including contractors, need access to sensitive information to do their job, but to what extent? How can we prevent sensitive information from being exfiltrated by malicious insiders?

As you look back on the state of cybersecurity in 2022 and set your security priorities for 2023, Zero Trust Data Access should top your New Year’s Resolutions list. Zero trust was probably the most talked about security trend last year and for good reason – it is clear no matter how much we layer our defenses hackers, malicious insiders and simple negligence are impossible to eradicate.

2022 has been a busy year in cybersecurity with some high-profile breaches taking over the headlines late in the year. From simple negligence to unpatched systems, phishing emails, hackers, and malicious insiders our systems and data remain vulnerable. It’s clear that despite our best investments in security training and technology there is still room for improvement in 2023.

Cyberattacks are still big business and on the rise. Despite substantial increases in cybersecurity spending, many businesses aren’t taking enough action to mitigate their risks. While a significant data breach in itself is a scary concept, the costs of inaction and the subsequent charges associated with investigations, penalty fines and reputational damage should worry you even more.

There are many ways to share data in SharePoint, including lists. A SharePoint list is a collection of data that a user can share with other users to whom they have permitted access. A variety of default list templates are provided in SharePoint to allow for easier set-up. Users can also import such lists (usually in CSV format) from other applications.

Data classification is an important business process. It makes it easier to apply data protection, helps employees understand what data is sensitive, and, importantly, which data can be made public. Unfortunately, many organizations provide employees with access to far more data than is needed. The oversharing of information with employees is a huge security risk.

Encryption is an essential means of protecting sensitive information and is required for certain types of data under many regulations. As more companies move to the Cloud and introduce Microsoft 365 (M365) applications like Teams and SharePoint Online to their communication and collaboration channels, the potential for data getting into the wrong hands grows exponentially making encryption strategies essential.

Encryption is an important security tool for protecting sensitive data. However, not all solutions used the same cipher techniques. There are a number of encryption algorithms that can be used to secure data with varying levels of security. To set acceptable standards for encryption technologies used by the U.S. Government the National Institute of Standards and Technology (NIST) has published the Federal Information Processing Standards (FIPS) series. These standards define how U.S.

archTIS Director of Federal and Defense, Bill Kalogeros recently presented a CMMC 2.0 Workshop with FCW on new controlled unclassified information or ‘CUI’ marking requirements for CMMC 2.0 which is expected to go into effect in May of 2023. Here’s a summary of his session and a link to the recording to learn more about the pending changes to CUI handling and how to prepare.